Module bundled_crypto::token::paseto
An implementation of the PASETO token standard.
Here is an example usage of the v2 local PASETO protocol:
```rust
use bundled_crypto::token::paseto;
use bundled_crypto::algo::{Algo, SafeGenerateKey};

fn main() {
    let key = <paseto::v2::local::Algo as Algo>::Key::safe_generate(&());
    let tok = paseto::token::Data {
        msg: "Hello World!", // Any serializable content.
        footer: Some("Hello World 2!"), // Any serializable content.
    };
    let encrypted = paseto::v2::local::Protocol.encrypt(tok, &key).unwrap();
    let tok: paseto::token::Data<String, String> =
        paseto::v2::local::Protocol::decrypt(encrypted, &key).unwrap();
}
```
TODO:
- [x] Constant time verification, dependent on library implementations.
- [ ] Ensure string constant time comparison in the cryptographic primitives.
- [x] Ability to send and receive, and decrypt/decode the payload into Rust objects.
- [x] Implement v1 local.
- [x] Implement v1 public.
- [x] Implement v2 local.
- [x] Implement v2 public.
- [x] Disallow accidental usage of public keys with local token keys and vice versa.
- [ ] Disallow setting of `iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, and `jti` in the top level.
- [ ] Automatic validation of `iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, and `jti` fields.
- [ ] Built in footer validation + key id support.
Modules
error | The possible errors while using PASETO's protocols. |
token | A collection of types used throughout all four standard PASETO protocols. |
v1 | |
v2 | |
Traits
KnownClaims | A trait to help with known claims (the |
Functions
collapse_to_vec | A helper for flattening a slice of slices into a single |
multi_part_pre_auth_encoding | Implementation of the pre-auth encoding described by PASETO. |
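
The pre-auth encoding (PAE) from the PASETO specification, written out as an added example: this is not the crate's `multi_part_pre_auth_encoding` (its signature is not shown on this page), and `le64`, `pae` and `naive_concat` are hypothetical names. It shows why each piece is length-prefixed before it is authenticated: two different splits of the same bytes concatenate identically but encode differently under PAE.

```rust
/// LE64 from the PASETO spec: 64-bit little-endian with the most significant
/// bit cleared, so the value also fits languages with only signed integers.
fn le64(n: u64) -> [u8; 8] {
    (n & 0x7fff_ffff_ffff_ffff).to_le_bytes()
}

/// PAE(pieces) = LE64(count) || LE64(len(p1)) || p1 || LE64(len(p2)) || p2 ...
fn pae(pieces: &[&[u8]]) -> Vec<u8> {
    let body: usize = pieces.iter().map(|p| p.len() + 8).sum();
    let mut out = Vec::with_capacity(8 + body);
    out.extend_from_slice(&le64(pieces.len() as u64));
    for piece in pieces {
        out.extend_from_slice(&le64(piece.len() as u64));
        out.extend_from_slice(piece);
    }
    out
}

/// Plain concatenation with no framing, shown only for comparison
/// (hypothetical helper, not part of the crate).
fn naive_concat(pieces: &[&[u8]]) -> Vec<u8> {
    pieces.concat()
}

fn main() {
    // Constructed sample values: the same bytes, split at different boundaries
    // between "payload" and "footer".
    let a: [&[u8]; 3] = [b"v2.local.", b"payload", b"footer"];
    let b: [&[u8]; 3] = [b"v2.local.", b"payloadfoo", b"ter"];

    // Without framing, a MAC or signature over the bytes cannot tell a from b.
    assert_eq!(naive_concat(&a), naive_concat(&b));
    // With PAE the boundaries are part of the authenticated input.
    assert_ne!(pae(&a), pae(&b));

    let single: [&[u8]; 1] = [b"test"];
    println!("PAE([\"test\"]) = {:02x?}", pae(&single));
}
```
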